Re: please care and vote for Chinese people under cruel autocracy of CCP, great thanks!

2019-08-28 Thread Dan Ehrlich 
Ant:

Thank you very much for your courage.

All:

The CCP is not communist. If they were that would be fine. They are a
totalitarian government of incredible horror. They also control over 20% of
the world's population with technology orders of magnitude more powerful
than what existed during the regimes of the last century.

For years they've shored up their finances via organ harvesting. The
ultimate purpose of the muslim camps in Xinjiang

is to harvest the organs of over 2 million people, and to generate nearly 1
trillion dollars in revenue before the Chinese bubble finally bursts,
taking the rest of the world's economy along with it. These organs include
those from children, whose organs are particularly valuable due to their
healthy condition, and the fact that children often need multiple organ
transplants compared to adults before their body accepts it.

For context it was the development of ECMO technology
 over the last few years that
made this harvesting extremely powerful.


Best,

Dan Ehrlich
San Antonio, TX
https://linkedin.com/in/danehrlich


On Thu, Aug 29, 2019 at 12:05 AM ant_fighter 
wrote:

> Hi all,
> Sorry for disturbing you guys. Though I don't think here as a proper place
> to do this, I need your help, your vote, your holy vote, for us Chinese,
> for conscience and justice, for better world.
>
> In the over 70 years of ruling over China, the Chinese Communist Party has
> done many horrible things humans can think of. These malicious and evil
> deeds include but are not limited to: falsifying national history,
> suppression of freedom of speech and press, money laundering in the scale
> of trillions, live organ harvesting, sexual harassment and assault to
> underaged females, slaughtering innocent citizens with
> counter-revolutionary excuses, etc.
>
> In light of the recent violent actions to Hong Kongers by the People's
> Liberation Army (PLA) disguised as Hong Kong Police Force, we the people
> petition to officially recognize the Chinese Communist Party as a terrorist
> organization.
> PLEASE SIGNUP and VOTE for us:
>
> https://petitions.whitehouse.gov/petition/call-official-recognition-chinese-communist-party-terrorist-organization
>
> Thanks again for all!
>
> nameless, an ant fighter
> 2019.8.29
>

please care and vote for Chinese people under cruel autocracy of CCP, great thanks!

2019-08-28 Thread ant_fighter 
Hi all,
Sorry for disturbing you guys. Though I don't think here as a proper place to 
do this, I need your help, your vote, your holy vote, for us Chinese, for 
conscience and justice, for better world.

In the over 70 years of ruling over China, the Chinese Communist Party has done 
many horrible things humans can think of. These malicious and evil deeds 
include but are not limited to: falsifying national history, suppression of 
freedom of speech and press, money laundering in the scale of trillions, live 
organ harvesting, sexual harassment and assault to underaged females, 
slaughtering innocent citizens with counter-revolutionary excuses, etc.

In light of the recent violent actions to Hong Kongers by the People's 
Liberation Army (PLA) disguised as Hong Kong Police Force, we the people 
petition to officially recognize the Chinese Communist Party as a terrorist 
organization.

PLEASE SIGNUP and VOTE for us:
https://petitions.whitehouse.gov/petition/call-official-recognition-chinese-communist-party-terrorist-organization

Thanks again for all!

nameless, an ant fighter
2019.8.29

[PATCH] mod_ssl: fix compilation with LibreSSL

2019-08-28 Thread Stefan Strogin 
LibreSSL does not provide SSL_CTX_set_post_handshake_auth.
See also: https://bugs.gentoo.org/668060
---
 modules/ssl/ssl_engine_init.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/modules/ssl/ssl_engine_init.c b/modules/ssl/ssl_engine_init.c
index 73ab07d64b..63ecf4cc48 100644
--- a/modules/ssl/ssl_engine_init.c
+++ b/modules/ssl/ssl_engine_init.c
@@ -1579,11 +1579,11 @@ static apr_status_t ssl_init_proxy_certs(server_rec *s,
 modssl_pk_proxy_t *pkp = mctx->pkp;
 STACK_OF(X509) *chain;
 X509_STORE_CTX *sctx;
 X509_STORE *store = SSL_CTX_get_cert_store(mctx->ssl_ctx);
 
-#if OPENSSL_VERSION_NUMBER >= 0x1010100fL
+#if OPENSSL_VERSION_NUMBER >= 0x1010100fL && !defined(LIBRESSL_VERSION_NUMBER)
 /* For OpenSSL >=1.1.1, turn on client cert support which is
  * otherwise turned off by default (by design).
  * https://github.com/openssl/openssl/issues/6933 */
 SSL_CTX_set_post_handshake_auth(mctx->ssl_ctx, 1);
 #endif
-- 
2.23.0

Re: svn commit: r1864526 - /httpd/httpd/trunk/modules/metadata/mod_remoteip.c

2019-08-28 Thread Ruediger Pluem 



On 08/28/2019 04:20 PM, Joe Orton wrote:
> On Wed, Aug 28, 2019 at 02:24:40PM +0200, Ruediger Pluem wrote:
>> On 08/06/2019 05:41 PM, jor...@apache.org wrote:
>>> Author: jorton
>>> Date: Tue Aug  6 15:41:22 2019
>>> New Revision: 1864526
> ...
>>> +ret = apr_brigade_length(ctx->bb, 1, &got);
>>> +if (ret || got > want) {
>>> +ap_log_cerror(APLOG_MARK, APLOG_ERR, ret, f->c, 
>>> APLOGNO(10185)
>>> +  "RemoteIPProxyProtocol header too long, "
>>> +  "got %" APR_OFF_T_FMT " expected %" 
>>> APR_OFF_T_FMT,
>>> +  got, want);
>>> +f->c->aborted = 1;
>>
>> Shouldn't we do apr_brigade_destroy(ctx->bb) here as well like below?
> 
> The apr_brigade_destroy() calls should be all redundant in the failure 
> cases AFAICT.  Can you see a reason why they need to be explicitly 
> destroyed prior to the pool cleanups running?
> 

Not really. I just noticed that we handle it differently. So I guess just 
removing it in the second case would also
serve the purpose of doing the same thing in case we fail.

Regards

Rüdiger

Re: svn commit: r1864526 - /httpd/httpd/trunk/modules/metadata/mod_remoteip.c

2019-08-28 Thread Joe Orton 
On Wed, Aug 28, 2019 at 02:24:40PM +0200, Ruediger Pluem wrote:
> On 08/06/2019 05:41 PM, jor...@apache.org wrote:
> > Author: jorton
> > Date: Tue Aug  6 15:41:22 2019
> > New Revision: 1864526
...
> > +ret = apr_brigade_length(ctx->bb, 1, &got);
> > +if (ret || got > want) {
> > +ap_log_cerror(APLOG_MARK, APLOG_ERR, ret, f->c, 
> > APLOGNO(10185)
> > +  "RemoteIPProxyProtocol header too long, "
> > +  "got %" APR_OFF_T_FMT " expected %" 
> > APR_OFF_T_FMT,
> > +  got, want);
> > +f->c->aborted = 1;
> 
> Shouldn't we do apr_brigade_destroy(ctx->bb) here as well like below?

The apr_brigade_destroy() calls should be all redundant in the failure 
cases AFAICT.  Can you see a reason why they need to be explicitly 
destroyed prior to the pool cleanups running?

Re: svn commit: r1864701 - /httpd/httpd/branches/2.4.x/STATUS

2019-08-28 Thread Ruediger Pluem 



On 08/08/2019 10:53 PM, Christophe JAILLET wrote:
> +1
> 
> Le 08/08/2019 à 15:09, Eric Covener a écrit :
>> CC dev@ I assumed this was safe to just assert.
>>
>> On Thu, Aug 8, 2019 at 9:08 AM  wrote:
>>> Author: covener
>>> Date: Thu Aug  8 13:08:33 2019
>>> New Revision: 1864701
>>>
>>> URL: http://svn.apache.org/viewvc?rev=1864701&view=rev
>>> Log:
>>> no votes for APLOGNO commits.
>>>
>>> 99% sure but please reply
>>>
>>>
>>> Modified:
>>>  httpd/httpd/branches/2.4.x/STATUS
>>>
>>> Modified: httpd/httpd/branches/2.4.x/STATUS
>>> URL: 
>>> http://svn.apache.org/viewvc/httpd/httpd/branches/2.4.x/STATUS?rev=1864701&r1=1864700&r2=1864701&view=diff
>>> ==
>>> --- httpd/httpd/branches/2.4.x/STATUS (original)
>>> +++ httpd/httpd/branches/2.4.x/STATUS Thu Aug  8 13:08:33 2019
>>> @@ -122,6 +122,7 @@ CURRENT RELEASE NOTES:
>>>   . documentation
>>>   . non-Unix build
>>>   . non-Unix, single-platform code
>>> +. routine APLOGNO() backports
>>>
>>>   RELEASE SHOWSTOPPERS:
>>>
>>>
>>>
>>
> 
> 

+1

Regards

Rüdiger

Re: svn commit: r1864526 - /httpd/httpd/trunk/modules/metadata/mod_remoteip.c

2019-08-28 Thread Ruediger Pluem 



On 08/06/2019 05:41 PM, jor...@apache.org wrote:
> Author: jorton
> Date: Tue Aug  6 15:41:22 2019
> New Revision: 1864526
> 
> URL: http://svn.apache.org/viewvc?rev=1864526&view=rev
> Log:
> * modules/metadata/mod_remoteip.c (remoteip_process_v2_header,
>   remoteip_input_filter): Add sanity checks.
> 
> Submitted by: jorton, Daniel McCarney 
> 
> Modified:
> httpd/httpd/trunk/modules/metadata/mod_remoteip.c
> 
> Modified: httpd/httpd/trunk/modules/metadata/mod_remoteip.c
> URL: 
> http://svn.apache.org/viewvc/httpd/httpd/trunk/modules/metadata/mod_remoteip.c?rev=1864526&r1=1864525&r2=1864526&view=diff
> ==
> --- httpd/httpd/trunk/modules/metadata/mod_remoteip.c (original)
> +++ httpd/httpd/trunk/modules/metadata/mod_remoteip.c Tue Aug  6 15:41:22 2019
> @@ -987,15 +987,13 @@ static remoteip_parse_status_t remoteip_
>  return HDR_ERROR;
>  #endif
>  default:
> -/* unsupported protocol, keep local connection address */
> -return HDR_DONE;
> +/* unsupported protocol */
> +ap_log_cerror(APLOG_MARK, APLOG_ERR, 0, c, APLOGNO(10183)
> +  "RemoteIPProxyProtocol: unsupported 
> protocol %.2hx",
> +  (unsigned short)hdr->v2.fam);
> +return HDR_ERROR;
>  }
>  break;  /* we got a sockaddr now */
> -
> -case 0x00: /* LOCAL command */
> -/* keep local connection address for LOCAL */
> -return HDR_DONE;
> -
>  default:
>  /* not a supported command */
>  ap_log_cerror(APLOG_MARK, APLOG_ERR, 0, c, APLOGNO(03507)
> @@ -1087,11 +1085,24 @@ static apr_status_t remoteip_input_filte
>  /* try to read a header's worth of data */
>  while (!ctx->done) {
>  if (APR_BRIGADE_EMPTY(ctx->bb)) {
> -ret = ap_get_brigade(f->next, ctx->bb, ctx->mode, block,
> - ctx->need - ctx->rcvd);
> +apr_off_t got, want = ctx->need - ctx->rcvd;
> +
> +ret = ap_get_brigade(f->next, ctx->bb, ctx->mode, block, want);
>  if (ret != APR_SUCCESS) {
> +ap_log_cerror(APLOG_MARK, APLOG_ERR, ret, f->c, 
> APLOGNO(10184)
> +  "failed reading input");
>  return ret;
>  }
> +
> +ret = apr_brigade_length(ctx->bb, 1, &got);
> +if (ret || got > want) {
> +ap_log_cerror(APLOG_MARK, APLOG_ERR, ret, f->c, 
> APLOGNO(10185)
> +  "RemoteIPProxyProtocol header too long, "
> +  "got %" APR_OFF_T_FMT " expected %" 
> APR_OFF_T_FMT,
> +  got, want);
> +f->c->aborted = 1;

Shouldn't we do apr_brigade_destroy(ctx->bb) here as well like below?

> +return APR_ECONNABORTED;
> +}
>  }
>  if (APR_BRIGADE_EMPTY(ctx->bb)) {
>  return block == APR_NONBLOCK_READ ? APR_SUCCESS : APR_EOF;
> @@ -1139,6 +1150,13 @@ static apr_status_t remoteip_input_filte
>  if (ctx->rcvd >= MIN_V2_HDR_LEN) {
>  ctx->need = MIN_V2_HDR_LEN +
>  remoteip_get_v2_len((proxy_header *) ctx->header);
> +if (ctx->need > sizeof(proxy_v2)) {
> +ap_log_cerror(APLOG_MARK, APLOG_ERR, 0, f->c, 
> APLOGNO(10186)
> +  "RemoteIPProxyProtocol protocol header 
> length too long");
> +f->c->aborted = 1;
> +apr_brigade_destroy(ctx->bb);
> +return APR_ECONNABORTED;
> +}
>  }
>  if (ctx->rcvd >= ctx->need) {
>  psts = remoteip_process_v2_header(f->c, conn_conf,
> 
> 
> 

Regards

Rüdiger